Web Pages Tamper-Proof Method Using Virus-Based Watermarking
Cong Jin, Hongfeng Xu, Xiaoliang Zhang
Department of Computer Science, Central China Normal University, Wuhan 430079, P.R.China
E-mail: jincong@mail.ccnu.edu.cn
Abstract
A novel tamper-proof model of web pages using
virus-based watermarking is proposed in this paper.
The model provides a good security and accuracy
about judging the situation of web page tampering.
The classifying theory based on virus is applied when
watermark embedded and extracted. The proposed
scheme is applied in all kinds of HTML or XML files,
not just for English letters but also for the rest of
characters. More importantly, it can be restored to the
original file completely when the watermark is
extracted. Therefore, the proposed scheme, associated
with 3rd generation technology of tamper-proof for web
pages, exhibits a good property of real-time
performance and security. Experiment results show
that it overwhelms existing schemes of tamper-proof in
that it does not increase the file size and it does not
expend great computing time such as cryptography.
1. Introduction
Websites plays an important role with the
development of information, and it has spread all over
the world. Greats of websites and web people put a
good base for the rapid development of the information
times. The position of web pages has been enhanced
increasingly. The web pages stands for its home for the
enterprise and the government. However, Hacker
intrusion and homepage tampers happen constantly
through the system leak caused by the complexity and
diversity of application systems, although the
safeguard measures such as firewall and intrusion
detection have been taken. The tampered web pages
account for over 30,000 during May, 2007. In other
words, about one website suffered being attacked in
1.5 minutes on average. So it is extremely important
for us to exploit and develop the new scheme against
websites being tampered.
The technique of tamper-proof has developed to 3rd
generation, which is the combination of file filter
driving and event-triggered technology. The technique
978-1-4244-1724-7/08/$25.00 ©2008 IEEE
Authorized licensed use limited to: University of South Australia. Downloaded on March 24,2010 at 23:25:02 EDT from IEEE Xplore. Restrictions apply.
of time polling and the cryptography has been far away
from what we need. A primary drawback of Hash
algorithm [1] for tamper-proof of website is that it
requires extra storage and channel to transmit the Hash
value. Recently developed watermark technique
provides alternatives for integrity protection of digital
documents [2]. Katzenbeisser et al.[3] proposed a
watermark-based method by adding space and tag into
the source code of web pages. However, it has the
problem of expanding the size. The watermark scheme
based on PCA [4] takes up greats of computing though
it does not expand the file size. The information hiding
technology based on web page tags [5] purposes to
insert the information into the predicted position and
the tags may be executed by browser.
This paper provides a novel watermark scheme that
can be associated with the 3rd generation technique.
And it overcomes the defaults, exhibiting a good
property of real-time performance, security.
2. Theory and application
2.1. Virus-based theory
Computer virus always adapts to divide itself into
many pieces to hide in anywhere of the file [6]. The
virus could reduplicate and reconstruct to itself as long
as all the pieces are not deleted. However, when the
sequence of construction is changed, the virus will lose
vitality. Accordingly, the embedded watermark
information is a sequence phrase. Once the web page is
tampered, the watermark information can be still
extracted but remains to be a changed sequence phrase.
So, we can compare the extracted watermark
information with the embedded watermark information
one to detect the security of the web page timely.
2.2. Application of watermark in tamper-proof
The key program of the tamper-detection will be
applied in the web server by the technology of file
filter driving, then automatic detection will be done by
1012 ICALIP2008
the way of event-triggered. All the files in the folder
that have been sorted by fast algorithm will be
extracted out of the watermark information, which is
timely to be compared with the information embedded
in advance. If they don’t match, the corresponding file
content of backup will be copied to the location of the
tampered file. The process of copy is completed by the
way of the non-protocol and pure text, so it behaves
high security.
Besides the process lasts only millisecond. The
running property and real-time detection reach a
relatively high standard. When users want to browse
the web page, the request will be sent to the web
server. Once the server responds, it calls the program
to extract the watermark out of the relative file. Then
the file restores the original one that will be sent to
users. Please see Fig.1.
3. Watermark embedded and tamper
detection
3.1. Watermark embedded and extracted
Fig.2 and Fig.3 show method of watermark
embedded and extracted respectively.
Key
3.2. Watermark embedded algorithm
We select a character that exists in high frequency
as the key. The key will act as the dividing point and
the text, such as HTML and XML, will be segmented
to lots of section. We call the section as element. All
the elements are divided into 32 classes just by Hash
classified. Thus one class may contain several or more
elements. Meanwhile it produces the 32-bit random
sequence of ASCII value by seed, where the ASCII
value ranged from 00 to 31.
The 32 spices of information to be embedded
respond to 32-bit sequence by certain way. Then some
spaces in each class are replaced by the ASCII value
according to the characteristic statistic of spaces. The
relative table which contains the class, the character
embedded and the significant letters is created for
extracting significant information.
The key issue is the location where we should
define. In this paper, the location is defined according
to the statistics of “<” and “>” on each aggregate. If the
aggregate doesn’t contain any “<” or “>”, all the
spaces will be replaced by the responding ASCII. Else
the spaces that are in front of “<” and behind of “>”
will be replaced by the responding ASCII.
3.3. Tamper detection

The program of tamper detection consists of two

Source file Segment by Key Classified steps:
by Hash 1) Firstly, watermark is extracted. The basic
classified step is the same as the step of watermark
Source file embedded, and then extracts the information on each
Information Characteristic
embedded statistic
aggregate. In theory, one kind of information is
extracted on each aggregate. Therefore if more than
one kind of information is extracted, the one that
Random sequence appears least on frequency is extracted. Then a
sequencing phrase is produced according to the relative
Fig.2 Watermark embedded model table.
The following is watermark comparing.
Key The extracted sequence phrase is compared with the
phrase embedded. If they are not matched, we can
draw the conclusion that the file has been tampered.
Secure Segment by Classified The responding file is copied from the backup files on
file Key by Hash the bottom layer of the OS at the fastest time.

Secure Information 3.4. Original file restored

file extracted
When the user requests the web page, the program
Random
of restoring original file is running. It traverses the
sequence
whole file in sequence and replaces the character
whose ASCII value is less than 31 into the space. Thus
Fig.3 Watermark extracted model

1013

Authorized licensed use limited to: University of South Australia. Downloaded on March 24,2010 at 23:25:02 EDT from IEEE Xplore. Restrictions apply.
the original file is running on the server and sent to the
user.
4. Experiments and analysis
In the experiment, we choose a simple HTML file
as the original file, and its source code is also called
the cover file. Before the information will be
embedded the cover file is read as the .txt file. The
experiment and analysis are as follows.
Fig.4 Original cover file
Fig.5 Watermark embedded file
Fig.6 Watermark
Fig.7 Watermark tampered
In the experiment, the detect program is simulated.
The program reads the source code of web page
showed as Fig.4. The secure file is obtained when the
watermark information is embedded. Thus it is just the
file that saves in the path on the server and becomes
the object to be attacked by hacker. Fig.5 presents the
watermark embedded file. We can see that there are no
distinct difference between original and the watermark
embedded file.
1014
Authorized licensed use limited to: University of South Australia. Downloaded on March 24,2010 at 23:25:02 EDT from IEEE Xplore. Restrictions apply.
Because the embedded information is the invisible
characters whose ASCII value is less than 32, the
editor can not recognize them. Fig.6 reflects integrate
watermark information extracted in good effect, which
is consisting of meaningful phrase information. It can
not only present itself copyright, more importantly it is
used for detecting whether the web page file is
tampered by the watermark matching.
Fig.7 shows the watermark information extracted
from the tampered file just as adding the tag <td> and
</td>. Obviously three information bits have been
changed, so they don’t match. The hint will be given
that the file has been tampered. Actually the watermark
information is related with the length of each item in
aggregate, so the watermark will be different if the
code is added in or deleted.
5. Conclusions
The paper provides a new watermark scheme which
is applied in tamper-proof of web page. It presents
good property as follows.
(1) It behaves less computing than the cryptography
that is always used in the second generation technique
[7]
. Also it can make the most accurate judge on
whether the file has been tampered, which is not done
by the cryptography. Table 1 presents the running time
of both algorithms.
Table 1 Comparison of two algorithms on
running time
Algorithm Cryptography Proposed
Running time 2.163s 1.872s
(2) The size of all embedded files doesn’t expand
and it’s the same size as before, although the
watermark is embedded.
(3) The scheme, associated with the 3rd generation,
provides the good security for the website. The user
can’t look through the tampered web page because the
restored file can’t be sent to the user when the
extracted watermark doesn’t match the embedded
watermark. Besides the program can detect the security
file timely and copy the file on bottom layer to cover
the tampered file once being detected to be tampered.
Actually the speed of Internet traveling is so fast that it
proposes high requirement on security.
On the opposite, if it doesn’t depend on the 3rd
generation, the program must match the information
with the embedded one when the server responds to the
user, which will surely add the time consumption and
slow down the speed of browsing the web page.
 (4) It accomplishes blind detection, which decreases Watermarking system. IEICE Trans, Fundamentals E
the overhead and consumption on OS. 87-A(4): 949-951, 2004
One side to be mentioned is that the new scheme
presents the fragile watermark so that it makes the [3] S.Katzenbeisser, A.P.Petitcols. Information hiding
techniques for steganography and digital Watermark.
tamper detecting behave good robustness and security. Boston, Artech House, 2000
However, it demands the server to be good property
and high speed. Other side, the database linked to the [4] Qijun Zhao and Hongtao Lu. A PCA-based
file should be copied and modified timely. watermarking scheme for tamper-proof of web pages.
Pattern Recognition 38: 1321-1323, 2005
6. Acknowledgements
[5] Changzheng Wang and Jianhui Liu. Research and
implementation of the information hiding technology
This work was supported by the Natural Science based on web page tags. 2007
Foundation of Hubei (China) and Grant
No.2007ABA119. [6] Haiyan Zhou, Fengsong Hu and Can Chen. English text
digital watermarking algorithm based on idea of virus.
7. References Computer Engineering and Applications, 43(7): 78-80,
2007
[1] W. Stallings. Cryptography and network security
[7] Liu Gu. Research and implementation of information
principles and practice. Prentice-Hall, Englewood
hiding based on web page, Microcomputer
Cliffs, NJ, 1999
Information. 22: 186-187, 2006
[2] Guorui Feng, Lingge Jiang and Chen He. Orthogonal
transformation to enhance the security of the still image

Request Copy
The file of information embedded

User Backup
Watermark extracted Tamper detection Files

Respond N

Original file Watermark match

End

Fig.1 Application of watermark in tamper-proof

1015

Authorized licensed use limited to: University of South Australia. Downloaded on March 24,2010 at 23:25:02 EDT from IEEE Xplore. Restrictions apply.